Whereas function privacy is inherently limited in the public-key setting, in the private-key setting it has a tremendous potential. Specifically, one can hope to construct schemes where encryptions of messages $m_1, \ldots, m_T$ together with decryption keys corresponding to functions $f_1, \ldots, f_T$, reveal essentially no information other than the values $\{ f_i(m_j)\}_{i,j\in [T]}$. Despite its great potential, the known function-private private-key schemes either support rather limited families of functions (such as inner products), or offer somewhat weak notions of function privacy.
We present a generic transformation that yields a function-private functional encryption scheme, starting with any non-function-private scheme for a sufficiently rich function class. Our transformation preserves the message privacy of the underlying scheme, and can be instantiated using a variety of existing schemes. Plugging in known constructions of functional encryption schemes, we obtain function-private schemes based either on obfuscation assumptions, on the Learning with Errors assumption, and even on the existence of any one-way function (offering various trade-offs between security and efficiency).
Category / Keywords: Date: received 14 Jul 2014, last revised 8 Jan 2015 Contact author: segev at cs huji ac il Available format(s): PDF | BibTeX Citation Version: 20150108:190209 (All versions of this report) Discussion forum: Show discussion | Start new discussion